on 09-19-2018 10:42 PM
Hi all,
I have installed BOBJ 4.2 SP05. When I tried to launch BI Launch Pad using WinAD SSO, I got the error below: http status 500 - com.wedgetail.idm.sso.protocolexception: com.wedgetail.idm.spnego.server.spnegoexception: com.dstc.security.util.asn1.asn1exception: bad tag encountered: 78
I can report that a manual connection using WinAD authentication works fine. Which log file do I have to check in order to understand what the problem is?
P.S.
Unfortunately the topic https://archive.sap.com/discussions/thread/2116896# doesn't solve the issue.
In particular, I have copied the spnego-r5.jar file under the lib folder of Tomcat, but the problem persists.
Any help is appreciated.
Thanks,
MJ
Bad tag usually indicates an SSO attempt from the server or web/app console. Kerberos will not work from the console; it must be done from a client PC. Also, are you using the latest KBA for setting up SSO? https://apps.support.sap.com/sap/support/knowledge/preview/en/2629070
-Tim
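An added diagnostic example, not code from this thread or from SAP: it classifies the token a browser sends in `Authorization: Negotiate ...` by its leading bytes, so an NTLM fallback token can be told apart from a SPNEGO/Kerberos one. It assumes the number in "bad tag encountered: 78" is the decimal value of the first token byte (78 = 0x4E = ASCII `N`, the first byte of the `NTLMSSP` signature); `classify_negotiate` is a hypothetical helper name and the sample tokens are constructed.

```python
import base64

SPNEGO_OID = bytes.fromhex("06062b0601050502")      # 1.3.6.1.5.5.2
KRB5_OID = bytes.fromhex("06092a864886f712010202")  # 1.2.840.113554.1.2.2
NTLM_SIGNATURE = b"NTLMSSP\x00"


def _skip_der_length(buf, pos):
    """Return the index just past the DER length field that starts at pos."""
    first = buf[pos]
    return pos + 1 if first < 0x80 else pos + 1 + (first & 0x7F)


def classify_negotiate(header_value):
    """Return (kind, first_byte) for an 'Authorization' header value.

    kind is 'ntlm', 'spnego', 'kerberos', 'spnego-response',
    'unknown' or 'malformed' (first_byte is None when malformed).
    """
    parts = header_value.split()
    if len(parts) != 2 or parts[0].lower() != "negotiate":
        return ("malformed", None)
    try:
        token = base64.b64decode(parts[1], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return ("malformed", None)
    if not token:
        return ("malformed", None)
    first = token[0]
    if token.startswith(NTLM_SIGNATURE):
        return ("ntlm", first)          # an ASN.1 parser sees tag 78 here
    if first == 0x60 and len(token) > 2:  # GSS-API InitialContextToken
        body = token[_skip_der_length(token, 1):]
        if body.startswith(SPNEGO_OID):
            return ("spnego", first)
        if body.startswith(KRB5_OID):
            return ("kerberos", first)
    if first == 0xA1:                    # SPNEGO NegTokenResp
        return ("spnego-response", first)
    return ("unknown", first)


# Constructed sample tokens (not captured from a real system).
NTLM_SAMPLE = "Negotiate " + base64.b64encode(
    NTLM_SIGNATURE + b"\x01\x00\x00\x00" + b"\x00" * 20).decode()
SPNEGO_SAMPLE = "Negotiate " + base64.b64encode(
    bytes.fromhex("600a06062b0601050502a000")).decode()

if __name__ == "__main__":
    for sample in (NTLM_SAMPLE, SPNEGO_SAMPLE):
        print(classify_negotiate(sample))
```

Run it against the header value taken from a browser network trace or a Tomcat access log; an `ntlm` result means the client never obtained a Kerberos service ticket for the web application's SPN.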
Hi All,
I solved this issue by adding "delegation" rights to the WinAD users.
Thanks to all.
Best Regards,
MJ
There are 16 KBAs when I search for com.wedgetail.idm.sso.protocolexception - have you looked at them to see if one matches your scenario?
For SSO configuration, follow the document below; it is a very nice step-by-step document on "How to configure Windows AD in SAP BI".
Regarding the 500 error, it looks like there is a problem with the keytab file. There is a similar discussion in the thread below; follow the solution, hope it helps.
Thanks
Ashraf
For more information on the error, check the log file under the Tomcat directory.
One of the causes of Single Sign-On failures is a duplicate Service Principal Name (SPN). Check if there are any duplicate SPNs for the service account.
Also check whether the password of the service account has been changed, because if so you need to regenerate the keytab file with the updated password.